Have you checked and revalidated your employees passwords lately?
An excellent update and read.
Here is another link to a similar piece: https://therecord.media/the-nca-shares-585-million-passwords-with-have-i-been-pwned/
We have fully embraced MFA, which greatly reduces (but does not eliminate) password breach concerns.
Now to train users that a non-requested MFA push-notification is an IOC worthy of investigation/reporting -- given that a push only happens after a password is successfully entered.
Hi @Ronnyq Good comment,
But would you trust Google and Chrome?